CVE-2011-0745
SugarCRM < 6.1.3 - Authenticated Information Disclosure via ShowDuplicates Action
Exploitation Summary
EIP tracks 1 public exploit for CVE-2011-0745. PoCs published by RedTeam Pentesting GmbH.
AI-analyzed exploit summary: The provided text describes an information disclosure vulnerability in SugarCRM where unauthenticated access to certain URLs exposes sensitive data. No actual exploit code is present, only a description and example URLs.
Description
SugarCRM before 6.1.3 does not properly handle reloads and direct requests for a warning page produced by a certain duplicate check, which allows remote authenticated users to discover (1) the names of customers via a ShowDuplicates action to the Accounts module, reachable through index.php; or (2) the names of contact persons via a ShowDuplicates action to the Contacts module, reachable through index.php.